9c3dd40b4539a812baabc3b8e1cec9ae45a39ec8d799c1bd6e53d9d64a2366f0

Resubmissions

07/07/2024, 20:29

240707-y91taaxgjk 4

07/07/2024, 20:21

240707-y48lyaxflq 4

20/04/2024, 11:56

240420-n355bagg7x 4

Analysis

max time kernel
127s
max time network
100s
platform
windows11-21h2_x64
resource
win11-20240704-en
resource tags

arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
submitted
07/07/2024, 20:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Graillon-FREE-2.8/Windows/Graillon-2-FREE-2.8.0.exe
Size

9.4MB
MD5

b15e6247e307fe3438f17aa05688ae5e
SHA1

f68fe99bf6e6ed87b8d192406f01a3669e440cd2
SHA256

b17c4d698a7ff93edbe0512bbf180c896e3ff96c6be8495d3b08dfa1d5c1cf8d
SHA512

cdfe99a47ada756f5898dc91dda695926293b4ac5207d585d30d7572b17246443a9ddeba1f9d440e6e800cef535d8b9f6a4be21301f67c6f55cb0795ddf9032c
SSDEEP

196608:1tJV+nIDBO8XnlxYmRtxtGnScMHRAErNWw+xOE1h5hOUOkqkDioCnck10:1taIDBO8XlxYmttdcMHRzOxDOUO1CXCI

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 37 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Correct D# minor.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Correct E minor.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Correct G# minor.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Robot Correct.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Younger Speech.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\VST3\Auburn Sounds Graillon 2-64.vst3	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Correct B major.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Correct F major.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Correct F# major.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Tuner Doubler.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Correct B minor.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Correct D major.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Correct A minor.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Simple Octaver.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Correct C minor.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Correct G# major.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Correct A# minor.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Correct C major.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files (x86)\Common Files\VST3\Auburn Sounds Graillon 2.vst3	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Add Sub Quint.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Correct C# major.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Correct C# minor.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Correct D# major.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Correct G major.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Correct G minor.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\x64\Auburn Sounds Graillon 2.aaxplugin	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\VSTPlugins\Auburn Sounds Graillon 2-64.dll	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files (x86)\VSTPlugins\Auburn Sounds Graillon 2.dll	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Correct D minor.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Correct E major.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Correct F minor.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Correct F# minor.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Default.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Only in Full version.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Correct A major.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Auburn Sounds Graillon 2.aaxplugin\Contents\Factory Presets\Graillon 2\Auburn Sounds Graillon 2 Factory Presets\Correct A# major.tfx	Graillon-2-FREE-2.8.0.exe
File created	C:\Program Files (x86)\Auburn Sounds\Graillon 2\Uninstall.exe	Graillon-2-FREE-2.8.0.exe

Loads dropped DLL 1 IoCs

pid	Process
1360	Graillon-2-FREE-2.8.0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
760	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
760	vlc.exe

Suspicious use of FindShellTrayWindow 18 IoCs

pid	Process
760	vlc.exe
760	vlc.exe
760	vlc.exe
760	vlc.exe
760	vlc.exe
760	vlc.exe
760	vlc.exe
760	vlc.exe
760	vlc.exe
760	vlc.exe
760	vlc.exe
760	vlc.exe
760	vlc.exe
760	vlc.exe
760	vlc.exe
760	vlc.exe
760	vlc.exe
760	vlc.exe

Suspicious use of SendNotifyMessage 17 IoCs

pid	Process
760	vlc.exe
760	vlc.exe
760	vlc.exe
760	vlc.exe
760	vlc.exe
760	vlc.exe
760	vlc.exe
760	vlc.exe
760	vlc.exe
760	vlc.exe
760	vlc.exe
760	vlc.exe
760	vlc.exe
760	vlc.exe
760	vlc.exe
760	vlc.exe
760	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
760	vlc.exe

C:\Users\Admin\AppData\Local\Temp\Graillon-FREE-2.8\Windows\Graillon-2-FREE-2.8.0.exe
"C:\Users\Admin\AppData\Local\Temp\Graillon-FREE-2.8\Windows\Graillon-2-FREE-2.8.0.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
PID:1360

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\StartResume.avi"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nskC506.tmp\System.dll

Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
76B

MD5
67881de877d609b993b2ffd1dd2e15de

SHA1
0907cd3d92e38ae2bf143179a585df93282ca8cf

SHA256
b2c03cca8616ed720baab3d2e9c76a31503cfbdff348b67fdfe07bfed41de939

SHA512
092ee48c09703dfc3f3c6c41152e20e549191e39716efa6ed2f06657825282b8059e2b57e44e1b3baf9d21d1fd604d262e3ce9bbe77763ac9cde615a7655846a

Download Submit
memory/760-64-0x00007FF7857C0000-0x00007FF7858B8000-memory.dmp

Filesize
992KB

Download
memory/760-65-0x00007FF98FCA0000-0x00007FF98FCD4000-memory.dmp

Filesize
208KB

Download
memory/760-66-0x00007FF97ABF0000-0x00007FF97AEA6000-memory.dmp

Filesize
2.7MB

Download
memory/760-68-0x00007FF9918E0000-0x00007FF9918F7000-memory.dmp

Filesize
92KB

Download
memory/760-73-0x00007FF98C2A0000-0x00007FF98C2B1000-memory.dmp

Filesize
68KB

Download
memory/760-72-0x00007FF98C590000-0x00007FF98C5AD000-memory.dmp

Filesize
116KB

Download
memory/760-71-0x00007FF98C6E0000-0x00007FF98C6F1000-memory.dmp

Filesize
68KB

Download
memory/760-70-0x00007FF98C9D0000-0x00007FF98C9E7000-memory.dmp

Filesize
92KB

Download
memory/760-69-0x00007FF9900E0000-0x00007FF9900F1000-memory.dmp

Filesize
68KB

Download
memory/760-67-0x00007FF9919B0000-0x00007FF9919C8000-memory.dmp

Filesize
96KB

Download
memory/760-74-0x00007FF979FF0000-0x00007FF97A1FB000-memory.dmp

Filesize
2.0MB

Download
memory/760-75-0x00007FF98C250000-0x00007FF98C291000-memory.dmp

Filesize
260KB

Download
memory/760-86-0x00007FF98BDB0000-0x00007FF98BE17000-memory.dmp

Filesize
412KB

Download
memory/760-83-0x00007FF98C160000-0x00007FF98C171000-memory.dmp

Filesize
68KB

Download
memory/760-87-0x00007FF98B7B0000-0x00007FF98B82C000-memory.dmp

Filesize
496KB

Download
memory/760-90-0x00007FF980A30000-0x00007FF980A41000-memory.dmp

Filesize
68KB

Download
memory/760-89-0x00007FF981D60000-0x00007FF981DB7000-memory.dmp

Filesize
348KB

Download
memory/760-88-0x00007FF98BD90000-0x00007FF98BDA1000-memory.dmp

Filesize
68KB

Download
memory/760-82-0x00007FF98C180000-0x00007FF98C19B000-memory.dmp

Filesize
108KB

Download
memory/760-76-0x00007FF978F40000-0x00007FF979FF0000-memory.dmp

Filesize
16.7MB

Download
memory/760-81-0x00007FF98C1A0000-0x00007FF98C1B1000-memory.dmp

Filesize
68KB

Download
memory/760-80-0x00007FF98C1C0000-0x00007FF98C1D1000-memory.dmp

Filesize
68KB

Download
memory/760-79-0x00007FF98C1E0000-0x00007FF98C1F1000-memory.dmp

Filesize
68KB

Download
memory/760-78-0x00007FF98C200000-0x00007FF98C218000-memory.dmp

Filesize
96KB

Download
memory/760-77-0x00007FF98C220000-0x00007FF98C241000-memory.dmp

Filesize
132KB

Download
memory/760-85-0x00007FF98C110000-0x00007FF98C140000-memory.dmp

Filesize
192KB

Download
memory/760-84-0x00007FF98C140000-0x00007FF98C158000-memory.dmp

Filesize
96KB

Download